package com.eternal.login.shiro;

import com.eternal.Exception.LoginException;
import com.eternal.Exception.ResultEnum;
import com.eternal.Exception.ResultException;
import com.eternal.permission.entity.PermissionInfo;
import com.eternal.permission.entity.RoleInfo;
import com.eternal.util.user.entity.UserInfo;
import com.eternal.util.user.service.UserInfoService;
import com.eternal.util.user.vo.UserVo;
import lombok.extern.java.Log;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;

import java.util.HashSet;
import java.util.Set;

@Log
public class CustomRealm extends AuthorizingRealm {

    @Autowired
    private UserInfoService userInfoService;


    /**
     * 获取身份验证信息
     * Shiro中，最终是通过 Realm 来获取应用程序中的用户、角色及权限信息的。
     *
     * @param authenticationToken 用户身份信息 token
     * @return 返回封装了用户信息的 AuthenticationInfo 实例
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) {
        log.info("————身份认证方法————");
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        // 从数据库获取对应用户名密码的用户
        UserInfo userInfo = userInfoService.getUserInfo(token.getUsername());
        if (null == userInfo) {
            throw new LoginException(ResultEnum.USER_NOT_EXIST);
        }
        String password = userInfo.getPassword();
        if (null == password) {
            throw new LoginException("用户名不正确");
        } else if (!password.equals(String.valueOf(token.getPassword()))) {
            throw new LoginException(ResultEnum.USER_NOT_PASSWORD);
        }
        UserVo userAllInfo = userInfoService.getUserAllInfo(token.getUsername());

        if (StringUtils.isEmpty(userAllInfo)) {
            throw new LoginException(ResultEnum.USER_INSUFFICIENT_PRIVILEGES);
        }


        return new SimpleAuthenticationInfo(userAllInfo, password, getName());
    }

    /**
     * 获取授权信息
     *
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        log.info("————权限认证————");
        UserVo userVo = (UserVo) SecurityUtils.getSubject().getPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        //获得该用户角色
        // String role = userMapper.getRole(username);
        Set<String> roleSet = new HashSet<>();
        //需要将 role 封装到 Set 作为 info.setRoles() 的参数
        Set<String> permissionsSet = new HashSet<>();
        for (RoleInfo roleInfo : userVo.getRoles()) {
            roleSet.add(roleInfo.getRoleId());
        }

        for (PermissionInfo permissionInfo : userVo.getPermissionInfos()) {
            permissionsSet.add(permissionInfo.getPId());
        }

        //设置该用户拥有的角色
        info.setRoles(roleSet);
        //设置该用户的权限
        info.setStringPermissions(permissionsSet);
        return info;
    }


}